How to build a CVEDetails alternative website?

Step 1. Clone and setup follow the guide on CVEDataFeed repository
> git clone https://github.com/cuongmx/CVEDataFeed.git
Step 2. Create a mongodb, use something like mlab or MongoDB Atlas
Step 3. Setup environments and run command to import database from NVD
> python3 cvedatafeed.py importonline
Step 4. Build a frontend to browser all collection from the MongoDB (like https://cvedata.com)
The dashboard on CVEData.com

0. A story

No update from Nov 2019 on CVEDetails
Google just show some popular sites which not like CVEDetails
No answer on reddit
No hope
Very impulsive :-s
NVD data source from Serkan Özkan’s slide on Blackhat 2012
CPE name from NVD

1. NVD Datasource

NVD update every 2 hours
Json data and keep update

2. CPE Name

CPE
cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:* is used to define the Linux Kernel product, version 2.4.7 by Linux vendor, type is Operating system. CPE:2.3 is version of CVE.

3. Some others

The comparison result, more details in github
#testFilter("exec code",[r"(code|command).*(execution|execute)", r"(execution|execute).*(code|command)"])
#out: 10552/10552
#testFilter("dos",[r"denial of service"])
#out: 8260/8260
#testFilter("overflow",[r"overflow", r"(restrict|crash|invalid|violat|corrupt).*(buffer|stack|heap|memory)", r"(buffer|stack|heap|memory).*(restrict|crash|invalid|violat|corrupt)"])
#out: 5242/5814
#testFilter("priv",[r"(gain|escalat).*privil", r"privil.*(gain|escalat)"])
#out: 1910/1910
privilegesRequired, userInteraction and scope are missing field of CVSS2

4. CVEData architect

CVEData Architect

5. Next step

--

--

--

I'm a developer working in cyber security. My regularly IDE is MS Word.

Love podcasts or audiobooks? Learn on the go with our new app.

A Reference Guide for Smith Computer Science Students

Weekly Assigment-3

Optimization Modelling in Python: Multiple Objectives

Handling errors with ErrorType in Swift 2.1

Programming; Today VS The Past

Upcoming world of nfts https://experty.io/mir4-as-a-new-big-player-in-the-play-to-earn-world

The Fun World of User Written Stata Commands

Stunnel + OpenVPN Client on Ubuntu

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
cuongmx

cuongmx

I'm a developer working in cyber security. My regularly IDE is MS Word.

More from Medium

200+ Organizations Now Participating as CVE Numbering Authorities (CNAs)

‘Brazen’ Lapsus$ ransomware group menaces Big Tech

How to get links to all Behance projects

NOTE: I assume that the keys have been exchanged using any key exchange protocol.